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Amendments to the claims: 

This listing of the claims will replace all prior versions and listings of the claims in 
the application: 

Listing of Claims 

1 . (Currently Amended) A method of providing a dynamic security management 
in an apparatus (1) comprisin g , the apparatus comprising : a platform for running an 
application [[(2)]]; a security manager [[(7)]] for handling access of the application [[(2)]] to 
functions [[(3)]] existing in the apparatus; an application interface (1 1 A) between the 
platform and the application [[(2)]]; a set of access permissions stored in the apparatus and 
used by the security manager [[(7)]] for controlling access of the application [[(2)]] to 
functions [[(3)]] through the application interface (1 1 A), characteris e d by the st e ps of the 
method comprising : 

downloading into the apparatus [[(1)]] an object containing access permissions 
applicable to at least one function [[(3)]]; 
verifying the object; and 

installing the access permissions together with the existing permissions. 

2. (Currently Amended) A method according to claim 1 , charact e ris e d in that 
wherein the object is verified by checking a certificate chain of the object. 

3. (Currently Amended) A method according to claim 1 or 2, charact e ris e d in 
that it is v e rifi e d that further comprising verifying that a policy [[(8)]] of the function allows 
updates. 

4. (Currently Amended) A method according to any on e of th e pr e vious claims, 
charact e ris e d by downloading a further obj e ct containing a library (12), or th e download e d 
object further containing a library (12), said claim K further comprising installing a library 
[[(12)]] comprising new routines and/or new functions to be called by an application or 
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another library stored in the apparatus ; and installing th e library (12) to enable access of 
functions [[(3)]] through the application interface (1 1A) . 

5. (Currently Amended) A method according to claim 4, charact e ris e d in that 
wherein the new routines and/or new functions can access existing functions through [[a]] the 
library [[(12)]]. 

6. (Currently Amended) A method according to claim 5, charact e rised in that 
wherein the security manger [[(7)]], when accessing functions, recursively checks the 
permissions of the application interfaces (1 1 A, 1 IB) and libraries (+3) in a linked chain 
related to the called functions [[(3)]]. 

7. (Currently Amended) A method according to any on e of th e pr e vious claims, 
charact e ris e d by downloading a furth e r object containing an application (2), or th e 
download e d obj e ct furth e r containing an application (2), said application (2) containing at 
l e ast on e n e w function; and claim L further comprising installing the a_new function so that 
the new function can access existing functions through the application interface (1 1 A) . 

8. (Currently Amended) A method according to claim 7, charact e ris e d in that 
wherein the new functions can access existing functions through a library [[(12)]]. 

9. (Currently Amended) A method according to any on e of th e pr e vious claims, 
charact e ris e d in that claim 1 , wherein the access permissions are contained in a policy file. 

10. (Currently Amended) A method according to claim 9, charact e ris e d in that 
wherein the policy file has a structure linking access levels of existing functions with a 
domain associated with the downloaded object. 
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1 1 . (Currently Amended) A method according to claim 9 or 10, charact e ris e d in 
that -, wherein the policy file has a structure linking access levels of existing functions with 
information contained in a certificate chain. 

12. (Currently Amended) A method according to claim 11, charact e ris e d in that 
wherein the information includes asignature of the end entity certificate, a_signature of an 
intermediate certificate, or specific level information (level OID). 

13. (Currently Amended) A method according to claim 1 0 or 1 1 , charact e ris e d in 
that wherein the policy file has a structure including logical expressions. 

14. (Currently Amended) A method of providing a dynamic security management 
in an apparatus 17(1)11 , the apparatus comprising: a platform for running an application 
[[(2)1J; a security manager [[(7)]] for handling access of the application [[(2)]] to functions 
[[(3)]] existing in the apparatus; an application interface (1 1 A) between the platform and the 
application [[(2)]]; a set of access permissions stored in the apparatus and used by the 
security manager [[(7)]] for controlling access of the application [[(2)]] to functions [[(3)]] 
through the application interface (1 1 A) , charact e ris e d by th e st e ps of , the method 
comprising : 

storing the access permissions in a security policy [[(8)]]; and 
providing the security policy [[(8)]] with a hierarchical structure. 

15. (Currently Amended) A method according to claim 14, charact e ris e d in that 
wherein the security policy [[(8)]] has a structure linking access levels of existing functions 
with a domain associated with the downloaded object. 

16. (Currently Amended) A method according to claim 15, charact e ris e d in that 
wherein the security policy [[(8)]] has a structure linking access levels of existing functions 
with information contained in a certificate chain. 
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17. (Currently Amended) A method according to claim 16, charact e ris e d in that 
wherein the information includes a_signature of the end entity certificate, ^signature of an 
intermediate certificate, or specific level information (level OID). 

18. (Currently Amended) An apparatus [[(1)]] with dynamic security management 
comprising: 

a platform for running an application [[(2)]]; 

a security manager [[(7)]] for handling access of the application [[(2)]] to functions 
[[(3)]] existing in the apparatus [[(1)]]; 

an application interface (1 1A) between the platform and the application [[(2)]]; 

a set of access permissions stored in the apparatus and used by the security manager 
[[(7)]] for controlling access of the application [[(2)]] to functions [[(3)]] through the 
application interface (1 1 A), charact e ris e d in that wherein t he apparatus [[(1)]] is arranged 
configured to download an object containing access permissions applicable to at least one 
function [[(3)]]; to verify the object; and to install the access permissions together with the 
existing permissions. 

19. (Currently Amended) An apparatus according to claim 18, characterised in 
that wherein the security manager [[(7)]] is adapt e d configured to verify the object by 
checking a certificate chain of the object. 

20. (Currently Amended) An apparatus according to claim 1 8 or 1 9, charact e ris e d 
in that wherein the security manager [[(7)]] is adapt e d configured to verify that a policy of the 
function allows updates. 

2 1 . (Currently Amended) An apparatus according to any on e of claims 1 8 to 20, 
charact e rised in that claim 18, wherein the apparatus is arranged to download a further object 
containing a library (12), or the downloaded obj e ct furth e r containing a library (12), said 
configured to install a library (12) comprising new routines and/or new functions to be called 
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by an application [[(2)]] or another library [[(12)]] stored in the apparatus ; and to install th e 
library (12) to enable access of functions through the application interface (1 1A) . 

22. (Currently Amended) An apparatus according to claim 21, charact e ris e d in 
that wherein the new routines and/or new functions can access existing functions through 
[[a]] the library [[(12)]]. 

23. (Currently Amended) An apparatus according to claim 22, characteris e d in 
that wherein the security manger [[(7)]], when accessing functions, is adapt e d configured to 
recursively check the permissions of the application interfaces (11A, 1 IB) and libraries £1-2) 
in a linked chain related to the called functions,, 

24. (Currently Amended) An apparatus according to any on e claims 1 8 to 23, 
charact e ris e d in that claim 18, wherein the apparatus is arrang e d to download a furth e r obj e ct 
containing an application (2), or th e download e d obj e ct furth e r containing an application (2), 
said application (2) containing at l e ast on e n e w function; and configured to install the anew 
function so that the new function can access existing functions through the application 
interface (1 1A) . 

25. (Currently Amended) An apparatus according to claim 24, charact e ris e d in 
that wherein the new functions can access existing functions through a library [[(12)]]. 

26. (Currently Amended) An apparatus according to any on e of claims 18 to 25, 
charact e ris e d in that claim 1 8, wherein the access permissions are contained in a policy file. 

27. (Currently Amended) An apparatus according to claim 26, charact e ris e d in 
that wherein the policy file has a structure linking access levels of existing functions with a 
domain associated with the downloaded object. 
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28. (Currently Amended) An apparatus according to claim 26 or 27 , charact e ris e d 
in that wherein the policy file has a structure linking access levels of existing functions with 
information contained in a certificate chain. 

29. (Currently Amended) An apparatus according to claim 28, charact e ris e d in 
that wherein the information includes a_signature of the end entity certificate, a_signature of 
an intermediate certificate, or specific level information (level OID).. 

30. (Currently Amended) An apparatus according to claim 28 or 29 , characteris e d 
in that wherein the policy file has a structure including logical expressions. 

3 1 . (Currently Amended) An apparatus (1) of for providing a dynamic security 
management in an apparatus comprising: 

a platform for running an application [[(2)]]; 

a security manager [[(7)]] for handling access of the application [[(2)]] to functions 
[[(3)]] existing in the apparatus; 

an application interface (1 1 A) between the platform and the application [[(2)]]; 

a set of access permissions stored in the apparatus and used by the security manager 
[[(7)]] for controlling access of the application [[(2)]] to functions [[(3)]] through the 
application interface (1 1 A), charact e ris e d in that th e apparatus is arrang e d a wherein the 
apparatus is configured to store the access permissions in a security policy [[(8)]]; and 
provide the security policy [[(8)]] with a hierarchical structure. 

32. (Currently Amended) An apparatus according to claim 31, characteris e d in 
that- wherein the security policy [[(8)]] has a structure linking access levels of existing 
functions with a domain associated with the downloaded object. 

33. (Currently Amended) An apparatus according to claim 32, charact e rised in 
that wherein the security policy [[(8)]] has a structure linking access levels of existing 
functions with information contained in a certificate chain. 
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34. (Currently Amended) An apparatus according to claim 33, charact e ris e d in 
tha^ wherein the information includes a signature of the end entity certificate, a_signature of 
an intermediate certificate, or specific level information (level OID). 

35. (Currently Amended) An apparatus according to any on e of claims 18 to 31, 
characterised in that claim 18, wherein the apparatus [[(1)]] is a portable telephone, a pager, 
communicator, a smart phone, or an electronic organiser. 



